Remove injecting query parameters and POST parameters in controllers …
…as it's risky and can break an application easily (if users pass any query/post parameter they want)
mnapoli committed Jul 31, 2015
1 parent cbfa107 commit 5a97b97
Showing 2 changed files with 1 addition and 29 deletions.
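--- a/src/Controller/ControllerResolver.php
+++ b/src/Controller/ControllerResolver.php
@@ -36,7 +36,7 @@ public function getController(Request $request)
 $parameters = [
 'request' => $request,
 ];
-$parameters += $request->attributes->all() + $request->request->all() + $request->query->all();
+$parameters += $request->attributes->all();
 
 return $this->invoker->call($controller, $parameters);
 };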
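Review bot: Nothing in this commit pins the new behaviour: `$parameters += $request->attributes->all();` stops client-chosen query and POST keys from being offered to the invoker as named controller arguments, but the two positive tests are deleted in tests/FunctionalTest.php without a negative one replacing them. A test that sends `Request::create('/?name=john')` to the `hello` fixture and asserts that `john` does not reach the controller would keep a later refactor from quietly re-adding `$request->query->all()`. The reason also deserves a comment above the merge, for example `// Only route attributes are injected: query/POST keys are chosen by the client and could fill any controller argument not already set.` Route placeholder values still come from the URL, so controllers should keep validating them; how the invoker orders its resolvers is not visible here. The enclosing closure in getController() starts and ends outside the hunk.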
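--- a/tests/FunctionalTest.php
+++ b/tests/FunctionalTest.php
@@ -62,34 +62,6 @@ public function should_pass_url_placeholders()
 $this->assertEquals('Hello john', $response->getContent());
 }
 
-/**
-* @test
-*/
-public function should_pass_query_parameters()
-{
-$app = $this->createApplication();
-
-$app->get('/', ['DI\Bridge\Silex\Test\Fixture\Controller', 'hello']);
-
-$response = $app->handle(Request::create('/?name=john'));
-$this->assertEquals('Hello john', $response->getContent());
-}
-
-/**
-* @test
-*/
-public function should_pass_post_data()
-{
-$app = $this->createApplication();
-
-$app->post('/', ['DI\Bridge\Silex\Test\Fixture\Controller', 'hello']);
-
-$response = $app->handle(Request::create('/', 'POST', [
-'name' => 'john',
-]));
-$this->assertEquals('Hello john', $response->getContent());
-}
-
 /**
 * @test
 */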
